Configure a Routing Policy

Create a Network Policy. For more information about router policies, see Router Settings.

There are three Policy Types for policy-based routing: Split Tunnel, Tunnel All, and Custom. When routing is enabled and SD-WAN is disabled, you can use any of these routing policy types. When both routing and SD-WAN are enabled, you must define custom routing rules. The Split Tunnel or Tunnel All options involve fewer routing considerations. If you configure the router to use Split Tunnel, the router applies the split tunnel template to the traffic, forwarding corporate traffic through the VPN tunnel and forwarding Internet traffic through the preferred interface to the Internet. If you configure the router to use Tunnel All, the router forwards corporate traffic through the VPN interface, but drops Internet traffic.

This task is part of the network policy configuration workflow. Use this task to configure a routing policy.

Go to Configure > Network Policies.
Select an existing network policy, and then select , or select .
After you save the Policy Details, select 5 Branch Routing.
From the Router Settings menu, select Routing Policy.
Toggle Enable Routing Policy to ON.
If not selecting an existing policy, select ADD.
Type a Name for the routing policy.
Optional: Type a Description for the routing policy.

Although optional, descriptions can be helpful when you are troubleshooting your network.
Select a Policy Type:
- Split Tunnel: Use the Forwarding Action drop-down list to choose the forwarding interface to drop or forward traffic to the Internet. Choose a Backup Forwarding Action secondary interface from the drop-down list to drop or forward traffic to the Internet in the event that the primary interface goes down.
  - None: Takes no forwarding action.
  - Primary WAN: Routes traffic through the interface designated as the primary WAN interface in the device template. By default, the primary WAN interface on an Extreme Networks branch router is ETH0.
  - Backup WAN-1: Routes traffic through the interface designated as the backup WAN interface in the device template.
  - Backup WAN-2: Routes traffic through the interface designated as the secondary backup WAN interface when there are three interfaces in WAN mode. By default, the Backup WAN-2 interface on a router is the wireless USB modem.
  - VPN: Routes traffic through the tunnel interface on a router that connects a branch site to the corporate site through an IPsec VPN tunnel.
  - Drop: Drops traffic rather than forwarding it.
  Note
  The routes for Forwarding Action and Backup Forwarding Action cannot be the same.
- Tunnel All: Read-only.
If you choose the Custom Policy Type, select Add, and select these options:
1. Choose a Source Type:
  - Any: Use when you want a routing policy rule to apply to traffic from any source.
  - Network: Use when you want a rule to apply to traffic from an entire subnetwork, such as a network reserved for contractors and guests.
  - IP Range: Use when you want a rule to apply to traffic from a range of IP addresses, such as the addresses in a DHCP pool reserved for a specific group of users.
  - Interface: Use when you want to apply a rule to all traffic arriving at a specific interface.
  - User Profile: Use when you want to apply rules to specific types of users.
  - Application Service Set: Use to apply rules to specific application types.
2. Choose a traffic Destination.
  - Any: The rule applies to any traffic destination.
  - Network Address: Sets a specific host name, subnet, or IP address range as the destination.
  - Private: The rule applies to traffic destined to the corporate network (VPN).
3. Select Forwarding Actions and Backup Forwarding Actions as described under Split Tunnel above.
To configure Path MTU Discovery, see Path MTU Discovery Settings.
Select SAVE.

For more information, see Configure a Firewall Policy, Configure Dynamic DNS, and Configure URL Filtering Rules.

Continue configuring the network policy.